Simple Machines Malware

Simple Machines is forum software used by thousands of website owners around the world to build online communities into their websites. Unfortunately, it is also an attractive target for malicious hackers: compromising a Simple Machines installation lets them inject malware into a legitimate website and thereby infect its visitors.

This post details a fast-growing new strain of malware that targets websites running Simple Machines. At the time of posting, close to 30,000 websites have been infected with this malware. We detail the attack below.

The malware
This malware is primarily found in the form of a script element that contains the various commands used to infect the website visitor.

Interestingly, this malware also creates an iframe element that loads additional malware from an external website. Notice the iframe element at the end of the sample below (this creates a link to m-e.crossfitharlem.net).

How do I protect my site?
Malicious hackers constantly change their tactics to evade detection and to keep infecting unsuspecting users. It is imperative to stay up to date on the latest ways that infections spread to legitimate websites.
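
One way to check served pages or theme files for the pattern described above (a script element that writes an iframe pointing at an external host), as an added example that is not code from the original post or from StopTheHacker.com. `ALLOWED_HOSTS`, `forum.example.org`, the function names and the sample page are constructed assumptions; only the host m-e.crossfitharlem.net comes from the post.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

ALLOWED_HOSTS = {"forum.example.org"}  # assumption: hosts this site embeds on purpose
# Matches an iframe tag assembled inside a script string (e.g. document.write).
IFRAME_IN_JS = re.compile(r"<\s*iframe\b[^>]*?\bsrc\s*=\s*\\?[\"']?([^\"'\\\s>]+)", re.I)

def external_host(url):
    """Return the host of an absolute or protocol-relative URL unless allowlisted."""
    url = url.strip()
    if not re.match(r"(?i)(https?:)?//", url):
        return None  # relative URL: stays on the same origin
    host = (urlparse(url).hostname or "").lower()
    return host if host and host not in ALLOWED_HOSTS else None

class IframeFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.in_script = False
        self.findings = []  # (kind, host, line number)
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
        elif tag == "iframe":
            self._check("static-iframe", dict(attrs).get("src") or "")
    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False
    def handle_data(self, data):
        if self.in_script:  # script bodies arrive here as raw text
            for match in IFRAME_IN_JS.finditer(data):
                self._check("script-built-iframe", match.group(1))
    def _check(self, kind, url):
        host = external_host(url)
        if host:
            self.findings.append((kind, host, self.getpos()[0]))

def scan_html(text):
    """Return (kind, host, line) for every iframe that targets a non-allowlisted host."""
    finder = IframeFinder()
    finder.feed(text)
    finder.close()
    return finder.findings

# Constructed page: one harmless relative iframe, one script-written external iframe.
SAMPLE = ('<html><body>\n<iframe src="/index.php?action=help"></iframe>\n'
          "<script>document.write('<iframe src=\"http://m-e.crossfitharlem.net/\" "
          "width=\"1\" height=\"1\"></iframe>');</script>\n</body></html>")
```

Calling `scan_html(SAMPLE)` reports only the script-written iframe. A script that assembles the tag from encoded or split strings will not match this regex, so treat an empty result as one signal rather than proof that a page is clean.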

StopTheHacker.com customers are protected against these kinds of threats. If you would like more information on how to protect your website, please feel free to contact us. You can also visit our services page to protect your website now.